| 1.1.3 Ensure noexec option set on /tmp partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.5 Ensure nosuid option set on /tmp partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.25 Ensure sticky bit is set on all world-writable directories | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.28 Disable USB Storage | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure GPG keys are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Ensure time synchronization is in use | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure Avahi Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure FTP Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.12 Ensure HTTP Proxy Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure telnet-server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.2 Ensure iptables-services not installed with firewalld | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.6 Ensure network interfaces are assigned to appropriate zone | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.7 Ensure firewalld drops unnecessary services and ports | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.3 Ensure iptables-services not installed with nftables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure iptables are flushed with nftables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.4 Ensure ip6tables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.3 Ensure rsyslog default file permissions configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1.4 Ensure logging is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure cron is restricted to authorized users | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure sudo log file exists | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.3 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1.5 Ensure all users last password change date is in the past | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure shadow group is empty | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.5 Ensure no duplicate user names exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.6 Ensure no duplicate group names exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.8 Ensure no duplicate GIDs exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.14 Ensure users' dot files are not group or world writable | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.16 Ensure no users have .netrc files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.17 Ensure no users have .rhosts files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.4.6 Disable BIOS BBS | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.8 Ensure Unity Taskbar is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.9 Disable Unity Active | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.11 Disable Unity Push Update | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 Ensure Drag and Drop Version Set is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.14 Ensure Shell Action is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.16 Disable Trash Folder State | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.18 Disable Unity | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.22 Disable Guest Host Interaction Launch Menu | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.22 Ensure Guest Host Interaction Launch Menu is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| GEN005512 - The SSH client must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
